1 Answer
1

Yes, if a firewall/IDS is installed it will probably block your backdoor, since most firewalls block suspicious inbound connections. That's why most of the time a reverse shell is used instead of a bind shell. But again, a firewall may be blocking outbound connections too, so it will fail also.

Now, if a firewall is not installed, a bind shell will probably fail again, because of NAT. If the target isn't directly exposed to the internet and hasn't forwarded this specific port, you won't be able to connect, but it would work if you were on the same network as the target (and no firewall/IDS was installed).

Really interesting! How can the firewall know that it is a suspicious inbound?
– Evanusso Nov 3 '18 at 20:27

@Evanusso that depends on how a certain firewall/IDS works, but I guess that most of them would block nc.exe from listening on a port, unless the user somehow specifies them not to do so.
– game0ver Nov 3 '18 at 20:44

Also, some processes may be white-listed and allowed to accept inbound connections. In such a case, if you e.g. have access and you want to set e.g. persistence, it is very usual to migrate into such a process, since the firewall won't block connections talking to this application.
– game0ver Nov 3 '18 at 20:46

Really interesting. I spent this last hour researching backdoor vs reverse shell. Is there a good reason to use a backdoor, since it looks much more complicated and won't offer any gains over the reverse shell?
– Evanusso Nov 3 '18 at 21:00

@Evanusso If by "backdoor" you mean a bind shell, then it is totally different than a reverse shell and there are some cases where it may be easier to use it instead of a reverse shell (I've seen such cases) and vice versa. It really depends on the target.
– game0ver Nov 3 '18 at 21:06
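
From the defender's side, the per-process behaviour discussed in the comments above (an unexpected program such as nc.exe listening, or an allow-listed process accepting connections on a port it normally does not use) can be checked with a listener audit. This is an added example, not part of the original answer or comments; the CSV inventory format, the sample rows and the allowlist are constructed assumptions.

```python
import csv
import io
import ipaddress

# Constructed sample inventory of listening TCP sockets (not from the page).
SAMPLE = """proto,local_address,port,pid,image
tcp,0.0.0.0,445,4,System
tcp,0.0.0.0,3389,1120,svchost.exe
tcp,0.0.0.0,4444,5312,nc.exe
tcp,127.0.0.1,5939,2210,helper.exe
tcp,0.0.0.0,8443,1120,svchost.exe
tcp,::,135,900,svchost.exe
"""

# Hypothetical allowlist: image name -> ports it is expected to listen on.
ALLOWED = {
    "system": {445},
    "svchost.exe": {135, 3389},
}


def audit_listeners(inventory_csv, allowed):
    """Return (reason, image, port) findings for network-reachable listeners."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        addr = ipaddress.ip_address(row["local_address"])
        if addr.is_loopback:
            continue  # loopback-only listeners are not reachable from other hosts
        image, port = row["image"].lower(), int(row["port"])
        if image not in allowed:
            # A program with no business accepting inbound connections.
            findings.append(("unlisted-process", image, port))
        elif port not in allowed[image]:
            # An allow-listed program listening somewhere it normally does not.
            findings.append(("unexpected-port", image, port))
    return findings


if __name__ == "__main__":
    for reason, image, port in audit_listeners(SAMPLE, ALLOWED):
        print(f"{reason}: {image} listening on tcp/{port}")
```

The second finding type matters because a rule that trusts a program by name alone says nothing about which ports that program should be serving.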